Share Email Print
cover

Proceedings Paper

Weak models for insider threat detection
Author(s): Paul Thompson
Format Member Price Non-Member Price
PDF $14.40 $18.00

Paper Abstract

This paper describes the design for a content-based approach to detecting insider misuse by an analyst producing reports in an environment supported by a document control system. The approach makes use of Hidden Markov Models to represent stages in the Evidence-Based Intelligence Analysis Process Model (EBIAPM). This approach is seen as a potential application for the Process Query System / Tracking and Fusion Engine (PQS/TRAFEN). Actions taken by the insider are viewed as processes that can be detected in PQS/TRAFEN. Text categorization of the content of analyst's queries, documents accessed, and work product are used to disambiguate multiple EBIAPM processes.

Paper Details

Date Published: 15 September 2004
PDF: 9 pages
Proc. SPIE 5403, Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III, (15 September 2004); doi: 10.1117/12.548178
Show Author Affiliations
Paul Thompson, Dartmouth College (United States)


Published in SPIE Proceedings Vol. 5403:
Sensors, and Command, Control, Communications, and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense III
Edward M. Carapezza, Editor(s)

© SPIE. Terms of Use
Back to Top